Paths

Table of Contentst

Differential D28501

armv8crypto: Fix some edge cases in the AES-GCM implementation
ClosedPublic
Actions

Authored by markj on Feb 5 2021, 2:25 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Mar 7 2024, 3:56 PM

	Unknown Object (File)
	Mar 2 2024, 4:39 PM

	Unknown Object (File)
	Feb 19 2024, 10:09 PM

	Unknown Object (File)
	Dec 14 2023, 8:17 PM

	Unknown Object (File)
	Dec 7 2023, 6:09 PM

	Unknown Object (File)
	Sep 11 2023, 7:01 AM

	Unknown Object (File)
	Sep 3 2023, 4:23 AM

	Unknown Object (File)
	Sep 2 2023, 2:44 AM

View All 16 Files

Subscribers

Details

Reviewers

jmg
gonzo
jhb

Commits

rG46d3e8cd88fa: armv8crypto: Fix some edge cases in the AES-GCM implementation
rG860e0c7fb848: armv8crypto: Fix some edge cases in the AES-GCM implementation
rG0dc7076037a8: armv8crypto: Fix some edge cases in the AES-GCM implementation

Summary

We only hash up to the first 16 bytes of the AAD.
When computing the digest during decryption, handle the case where len == trailer properly.

While here:

trailer is always smaller than AES_BLOCK_LEN, so remove a pair of unnecessary modulus operations.
Replace some byte-by-byte loops with memcpy() and memset() calls. In particular, zero the full block before copying a partial block into it since we do that elsewhere and it means that the memset() length is known at compile time.

Test Plan

Noticed when doing some refactoring, verified with cryptocheck.

Specifically, I used cryptocheck -d soft -a aes-gcm -z.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

No Lint Coverage

Unit

No Test Coverage

Build Status

Buildable 36733
Build 33622: arc lint + arc unit

Event Timeline

markj created this revision.Feb 5 2021, 2:25 PM

Herald added a reviewer: jmg. · View Herald TranscriptFeb 5 2021, 2:25 PM

Herald added subscribers: andrew, imp. · View Herald Transcript

markj requested review of this revision.Feb 5 2021, 2:25 PM

Harbormaster completed remote builds in B36733: Diff 83410.Feb 5 2021, 2:25 PM

markj edited the test plan for this revision. (Show Details)Feb 5 2021, 2:27 PM

markj added reviewers: gonzo, jhb.

jhb accepted this revision.Feb 5 2021, 5:08 PM

This revision is now accepted and ready to land.Feb 5 2021, 5:08 PM

Closed by commit rG0dc7076037a8: armv8crypto: Fix some edge cases in the AES-GCM implementation (authored by markj). · Explain WhyFeb 8 2021, 2:24 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rG0dc7076037a8: armv8crypto: Fix some edge cases in the AES-GCM implementation.

markj added a commit: rG860e0c7fb848: armv8crypto: Fix some edge cases in the AES-GCM implementation.Feb 11 2021, 3:27 PM

markj added a commit: rG46d3e8cd88fa: armv8crypto: Fix some edge cases in the AES-GCM implementation.Feb 11 2021, 4:48 PM

Revision Contents
Changeset List

Path

Size

sys/

crypto/

armv8/

armv8_crypto_wrap.c

47 lines

Diff 83410

sys/crypto/armv8/armv8_crypto_wrap.c

Loading...